Google Hole Filled

The hole in IE that Chinese hackers used to hack Google is now fixed.

This particular exploit involves the hacker directing users to malicious Web sites where the real hacking work is done. A combination of bad publicity and a real security threat had Microsoft security programmers working overtime on a patch that covers IE 5, 6, 7 and 8.

Despite the fix for older versions of IE, Microsoft still recommends upgrading to IE 8, as well as Windows 7.

Posted by Doug Barney on 01/22/2010 at 1:17 PM2 comments


17-Year-Old Hole Found

It took nearly two decades, but a vulnerability in the Windows kernel that affects nearly all versions has been found.

While it took 17 years to uncover, it also took Microsoft over six months to issue an alert once the vulnerability was known. Fortunately, this elevation-of-privilege vulnerability requires the hacker to have network credentials and local access.

The hole, which is in all 32-bit versions of Windows from NT to present day, should be fixed next month.

Posted by Doug Barney on 01/22/2010 at 1:17 PM2 comments


Sun One Step Closer to Full Eclipse

I admit it: I'm a huge fan of Sun Microsystems. I like companies with creativity and guts. Sun is no me-too company.

But it soon may no longer be a company at all as the European Union this week approved Oracle's proposed $7.4 billion buyout. It's such a done deal that Larry Ellison is planning a Hugo Chavez-style five-hour company and press event next week on the matter.

I hate when innovative companies get bought. We no longer have an independent Lotus, Compaq or Digital Equipment Corp. Fortunately, there are new companies cropping up all the time. But the sad truth is that in IT, real power is concentrated in the hands of a few.

What's your favorite defunct computer company? Tell us all by writing [email protected].

Posted by Doug Barney on 01/22/2010 at 1:17 PM19 comments


Google Hack: It's All Microsoft's Fault

If the world ran on Firefox or Chrome, Google might still be committed to censoring in China. But with more than half of the market still in IE, hackers took advantage of a bug in the Microsoft browser to hack into the Gmail accounts of Chinese activists.

That's what prompted the Sino-Google conflict and led to Google threatening to take away the special version of its software that censors out anti-government content.

Microsoft admits to the flaw and has posted an advisory, which reported the bug affects nearly all versions of IE 6. With a patch still in the works, Microsoft at first advised setting IE security on "high." Upon further investigation, Redmond realized only IE 6 was vulnerable, and now advises upgrading to a more recent browser.

Posted by Doug Barney on 01/20/2010 at 1:17 PM2 comments


Google and Microsoft Look at Clouds from Both Sides Now

Google and Microsoft agree on less than Scott Brown and Martha Coakley, so it's no surprise they differ on clouds. Both companies' views are clearly informed by their pasts. In the case of Microsoft, it's always sold software meant to be installed on hard drives with files stored locally. Google is all about the Internet.

All this came out in a debate last week at the New York Technology Council. As you might expect, Google feels that everything can and should be done in the cloud -- with few or no exceptions. Microsoft believes in the cloud, in part because that's what the market believes and in part because it's the natural evolution of software. But Redmond feels that while some stuff should be in the cloud, there's also a critical role for old-style clients. Redmond sees a hybrid approach where data can be split between the two models and even synchronized.

Critics see self-interest powering both attitudes. Microsoft needs to protect its old base of products, while Google wants everything on the 'Net so it can index and sell ads against all this data.

Which company would you put your money on? Send your thoughts, but not your dollars, to [email protected].

Posted by Doug Barney on 01/20/2010 at 1:17 PM2 comments


Panasonic E-Mail Brouhaha

Earlier this week, I reported that Panasonic was moving a huge number of users from Exchange to LotusLive, a cloud-based e-mail and collaboration suite. Some of you wrote me, arguing that Panasonic was already a Notes shop and had just a handful of Exchange users. And you were right!

Now the plot thickens as Microsoft takes issue with IBM's assertions. Microsoft agrees with Redmond Report readers that only 4 percent of Panasonic users are on Exchange. IBM, wanting this to be a big win, claims that percentage is higher.

Microsoft also argues the LotusLive migration is simply part of an already existing contract, and is nothing new. In the same breath, Microsoft blasts IBM for its declining market share. Aren't these companies a little old for a cat fight?

Posted by Doug Barney on 01/20/2010 at 1:17 PM1 comments


Doug's Mailbag: Thoughts on Google vs. China, More

Readers have plenty to say about the possibility of Google shuttering its Chinese operations over a dispute about that government's censorship practices:

I think Google would be doing the right thing to pull out of China. China continues to violate a lot of human rights, and its people are largely exploited due to the control the government exerts on its population. If they were a free people, they would learn their own worth and make more money. Our people would stop shopping at Wal Mart, our trade imbalance would even up, U.S. companies could export their goods, our employment would go up, and everything wrong with this picture would start to get righteous again.

Besides, if Google stays and censorship becomes an accepted practice, how long before the Obama-nation follows suit?
-Mel

I'm rather annoyed that you published this blog with as little information as you did. This whole situation with Google and China extends far beyond the business scope of the geopolitical climate, and extends to inter-country relations. I would suggest that you specifically state how Google has been "[invading] privacy" for years. Also, I would like to remind you that iDefense and McAfee have released more information on the attack which you undermined by saying it was from a "Chinese group" to see what "dissidents were up to." McAfee and iDefense have said the attack is more sophisticated than any attack they have ever seen on any private company. They also said the attack was not just on Google; they say that 34 independent companies were attacked and even Google said in its blog that "intellectual property" was stolen. The companies go on to suggest that it was not simply a group in China that launched the attack, but it seems more likely that the Chinese government was behind it.

In my opinion, I think that Google's decision to change its policy in China is a retaliation to the attack. Ordinarily, cyberattacks are kept largely secret, and Google's decision to make this public could mean that it wants the Chinese people to see this all fold out and recognize how damaging their government's censorship laws are to freedom of information. However, to present the other side of the story, it is also possible that Google is making this public to provide a good reason for leaving China, where it is the No. 2 search engine behind China's Baidu.com. (This is unlikely, though, because the Chinese market still accounts for a significant income.)
-Scott

Although I applaud Google for taking a stand, I don't really buy its reason ("because this information goes to the heart of a much bigger global debate about freedom of speech"). Financially, it really isn't a big deal for Google, at least over the next three to five years. Its projected revenues in China are minimal compared to the hoped-for migration of businesses and governments to Gmail. And Google realizes that it will not win those other accounts if its e-mail is easily hacked and it doesn't stand up against it. If you don't think so, reread their blog; the first bullet is essentially, "It's not only us."

Google has spun some negative publicity into positive by being proactive in finding the breaches (and notifying those other companies that weren't as smart as Google in figuring it out) and by taking a stand against human rights violations. This gives potential customers a warm-fuzzy about Google's security when it was actually breached. Not bad spin. Microsoft, on the other hand, has an enormous potential for sales (or savings of sales) in China. China helped save almost $2 billion in counterfeit sales by busting a pirate ring in 2007. I think MS would be pretty buddy-buddy with China over that, freedom of speech violations be damned. As always, follow the money.
-Joseph

Meanwhile, as Doug mentioned, several of you were quick to point out that Panasonic was largely a Lotus shop, anyway:

Further research reveals that Panasonic isn't switching from Exchange at all. Only 4 percent of their users were on Exchange, so that 300,000 users is more like 12,000 users being switched. The key point would be: How happy will these users be AFTER the switch from Exchange to LotusLive?
-Chris

From my understanding, Panasonic has always been a Lotus Notes shop and only had a small percentage of their users on Exchange to begin with. The LotusLive deal might be a big deal for IBM, but it doesn't really seem to be a big deal for Microsoft. It may be a fundamental change, but not really a Lotus vs. Microsoft one.
-Steven

eWEEK is reporting that Panasonic is not a massive Exchange shop, with only 4,000 Exchange users, and that they are on Lotus Notes already.
-Henry

Regardless of the numbers, Mike thinks moving from Exchange to Lotus is a downgrade:

I used to work at an IT shop that used Lotus Notes for e-mail. It sucked. Unless they have made some major improvements since then, I wouldn't want anything to do with it. It was way overblown bloat-code for e-mail. I am much happier to be back on an Exchange server.
-Mike

Tell us what you think! Leave a comment or e-mail [email protected].

Posted by Doug Barney on 01/20/2010 at 1:17 PM0 comments


China vs. Google vs. Microsoft

Google is apparently ready to give up on the world's most populated country all because it censors the Internet.

It seems disingenuous of Google to threaten to leave China when Google invades privacy and has for years allowed China to dictate what searchers see on their Google results pages. In fact, Google built a special version of its search engine for China that "self-censors."

That engine was built in 2006, and ever since Google has been apparently happy with China. That is, until a Chinese group tried to hack Gmail to see what dissidents were up to. That has Google so peeved it may just walk away from the country.

While I do think taking a stand on this issue when Google is on the wrong side of so many others is disingenuous (and thank you, Eric Schmidt, for giving me an opportunity to use a really big word), I do find the Google move exciting. Walking away from a billion potential users takes guts.

Meanwhile, Microsoft says it will stay in China and respect Chinese laws. Of course, Hotmail didn't get hacked so there's no real impetus.

I'm not sure that a U.S. company should impose U.S. values on a foreign nation. On the other hand, we may not want to allow our technology to suppress others. What's your take? Fire up Gmail, Hotmail or whatever mail and send your thoughts to [email protected].

[This post previously said that Google's "self-censoring" Chinese-version search engine was built in 1996. The correct year is 2006. --Ed.]

Posted by Doug Barney on 01/18/2010 at 1:17 PM9 comments


Doug's Mailbag: Office Savings, Gartner's Burton Buy, More

Bruce praises MSDN for making Office upgrades a little less painful on the budget:

If I were not a developer, I would probably never buy another version of Office again. But I have Office "everything" for reason: MSDN. I got the subscription a number of years ago when I realized I could get it and save a huge ton of money on software. For $2,499, I get everything and then some, plus all of the updates. Included in this deal is Office in whatever flavor you want. They also throw in MapPoint and Project and all of the other bells and whistles. And yes, this includes the OS too. And the nice thing about it is that you get the REAL install DVDs and you get to install the software any darn way you want without Dell, HP, etc. making choices for what to leave out. And believe me, they do leave things out which force you to either install new parts -- which may or may not be on the install DVD they give you.

So basically, what we get through MSDN is what you would call the retail version, but you end up paying less than retail. If you are in academia, this is DEFINITELY the way to go as the academia price for MSDN is dirt cheap. I wish I was in that world, but I'm not.
-Bruce

Don shares his thoughts about Gartner's acquisition of Burton Group:

I am rather sorry to see the Burton Group go under Gartner's wing. Hope they are able to hang on to their top talent. My company has a contract with Burton that gives many users access to all the research available on their site. Have found their mostly non-biased information and analyses particularly useful when doing trade studies (such as virtualization solutions).

Gartner has made many predictions that, to me, seem way off base and I really don't rely on their information too much. It may depend on the area in which one's research lies as to whether an analyst's conclusions are useful and/or accurate.
-Don

Stephen's feedback on Azure isn't very encouraging:

My experience with Azure was terrible. One, the best documentation I could find on how to access and use Azure came in a SQL newsletter I receive about two months after I had given up. Two, it was not obvious that I had networking access to my Azure account as the test tool never responded in a meaningful fashion. After getting corporate IT to review it, we concluded I did have access, but then I couldn't figure out how to configure any client-side tool to connect with it. It was only after reading the article referenced above that I found out I was supposed to be using a command-line tool. (Command-line? What decade is this?) Three, there did not appear to be any facility to upload an existing database; a simple tool that imported a SQL backup file would have been ideal. Four, a tool like phpMyAdmin would have been great to interact with the database remotely since I could make a database, but couldn't work with it.

So yeah, I gave up. Maybe I'll try again in a year when the technology and documentation match my expectations of SaaS technology.
-Stephen

And finally, a Gmail gripe:

Google's Gmail is surprisingly behind the times with user friendliness, IMHO. For instance, why does it take three mouse clicks to mark a message unread? One, check the box next to the e-mail. Two, click on "More Actions." Three, select "Mark Unread."

I'm hanging in there with the faith that they will improve their functionality.
-EJ

Tell us what you think! Leave a comment below or send an e-mail to [email protected].

Posted by Doug Barney on 01/18/2010 at 1:17 PM0 comments


If You Think Microsoft Patches a Lot, Just Try Adobe

Microsoft gets a bad rap for security, some of it deserved, some not. Meanwhile, other vendors operate with un-blackened eyes even though their software has more holes than an old Alaskan fishing net.

Last week, we reported that Oracle sent out two dozen patches in its latest round. Now, we find out that Adobe is patching many versions of Adobe Reader.

This doesn't sound like a big deal 'til you realize that most Macs and PCs run Reader to view PDFs. That's a lot of vulnerable machines.

Posted by Doug Barney on 01/18/2010 at 1:17 PM2 comments


Panasonic Exchanges E-Mail

Massive Exchange shop Panasonic is giving the Microsoft e-mail platform the boot, not just switching vendors but fundamentally changing the way its e-mail is handled.

LotusLive offers a service-based approach to mail, Web conferencing, social networking and collaboration.

This deal ain't no small potatoes. Panasonic could have over 300,000 users on LotusLive in the coming years. Bet the Microsoft rep who handles Panasonic mail didn't have a very merry Christmas!

There'll probably be more Lotus news next week when the longstanding Lotusphere conference takes place.

Do you use a non-Microsoft e-mail system, and if so, why? Shoot your experiences to [email protected].

Posted by Doug Barney on 01/18/2010 at 1:17 PM7 comments


Rental Agreement

As we discussed Wednesday, software licensing is a tricky thing. The licenses are written by lawyers in consultation with software folks. Can you say complex?

One of the hidden secrets of Windows and Office licenses is they don't allow for machines to be rented. Instead, thousands of Internet cafes, rental companies and gaming centers around the world have paid a subscription fee -- or pretended nothing's wrong.

Microsoft has a fix: Pay a one-time fee, and now your PC can be rented out to whomever. This is far simpler than shelling out subscription fees every month. The price for the Windows rental option is $23, and Office starts at $45. And no, you don't need to buy extra insurance!

Posted by Doug Barney on 01/15/2010 at 1:17 PM0 comments


Subscribe on YouTube

Upcoming Training Events

0 AM
TechMentor @ Microsoft HQ
August 11-15, 2025